[docsy] Add security page, replace overview by redirect (#78)

Author: chalin

content/en/_index.md

@@ -34,16 +34,24 @@ integrations</a>
 
 {{% blocks/section color="dark" type="row" %}}
 
-{{% blocks/feature icon="fa-solid fa-lock" title="Software supply chain protection" url="/docs/overview/" %}}
-**Supply chain compromises are becoming a frequent occurrence. in-toto can help
-you protect your software supply chain.** {{% /blocks/feature %}}
+{{% blocks/feature icon="fa-solid fa-lock" title="Software supply chain protection" url="/docs/" %}}
+
+Supply chain compromises are becoming a frequent occurrence. in-toto can help
+you protect your software supply chain.
+
+{{% /blocks/feature %}}
 
 {{% blocks/feature icon="fa-solid fa-book" title="Open, extensible standard" url="/docs/specs/" %}}
-**in-toto is an open metadata standard that you can implement in your software's
-supply chain toolchain.** {{% /blocks/feature %}}
+
+in-toto is an open metadata standard that you can implement in your software's
+supply chain toolchain.
+
+{{% /blocks/feature %}}
 
 {{% blocks/feature icon="fa-solid fa-gear" title="Extensive tooling" url="https://github.com/in-toto" %}}
-**You can use in-toto today by using our Apache-licensed libraries and tools.**
+
+You can use in-toto today by using our Apache-licensed libraries and tools.
+
 {{% /blocks/feature %}}
 
 {{% /blocks/section %}}

content/en/about.md

@@ -13,14 +13,19 @@ menu: { main: { weight: 10 } }
 {{% param whatIsInToto %}}
 
 To learn more, see [What is in-toto](/docs/what-is-in-toto/) and
-[Overview](/docs/overview/).
+[Overview]({{% param overview_url %}}).
 
 ## Governance
 
 The in-toto project is managed by the [Linux Foundation] under the [Cloud Native
 Computing Foundation][CNCF]. Contributors and maintainers are governed by the [CNCF
 Community Code of Conduct][CoC]. For details, see [Governance].
 
+The in-toto project is led by Prof. Santiago Torres-Arias at Purdue University.
+It has many contributors from academia and industry, including members of the
+[Secure Systems Lab] at NYU and the
+[NJIT Cybersecurity Research Center](https://centers.njit.edu/cybersecurity).
+
 ## Funding
 
 {{% param funding %}}
@@ -29,5 +34,6 @@ Community Code of Conduct][CoC]. For details, see [Governance].
 [CoC]: https://github.com/cncf/foundation/blob/master/code-of-conduct.md
 [Governance]: https://github.com/in-toto/community/blob/main/GOVERNANCE.md
 [Linux Foundation]: https://www.linuxfoundation.org
+[Secure Systems Lab]: https://ssl.engineering.nyu.edu
 
 {{% /blocks/section %}}

content/en/docs/demo.md

@@ -1,7 +1,6 @@
 ---
-title: in-toto demo
-linkTitle: Demo
-weight: 8
+title: Demo
+weight: 30
 ---
 
 In this demo, we will use in-toto to secure a software supply chain with a very
@@ -17,5 +16,5 @@ For the sake of demonstrating in-toto, you will perform all parts of the
 software supply chain. This means you will execute commands on behalf of Alice,
 Bob, and Carl, as well as the client who verifies the final product.
 
-For further steps, please refer to the
+For further steps, refer to the
 [demo](https://github.com/in-toto/demo/blob/main/README.md).

content/en/docs/faq.md

@@ -1,7 +1,7 @@
 ---
 title: Frequently asked questions
 linkTitle: FAQ
-weight: 1000
+weight: 900
 ---
 
 ### Why the name “in-toto”?

content/en/docs/getting-started.md

@@ -1,6 +1,9 @@
 ---
 title: Getting started
-weight: 2
+weight: 20
+# EDITORIAL NOTE: the content below was copied from the main in-toto repository
+# For details, see:
+# https://github.com/in-toto/in-toto.io/issues/75
 ---
 
 in-toto provides a framework to protect the integrity of the software supply
@@ -20,8 +23,6 @@ The layout, signed by the project owners, together with the links, signed by the
 designated functionaries, are released as part of the final product, and can be
 validated manually or via automated tooling in, e.g. a package manager.
 
-## Getting Started
-
 ### Installation
 
 in-toto is available on [PyPI](https://pypi.org/project/in-toto/) and can be
@@ -178,41 +179,7 @@ For a detailed list of all command line arguments and their usage, run
 `in-toto-sign --help` or look at the
 [online documentation](https://in-toto.readthedocs.io/en/latest/command-line-tools/in-toto-sign.html).
 
-## in-toto demo
-
-You can try in-toto by running the
-[demo application](https://github.com/in-toto/demo). The demo basically outlines
-three users viz., Alice (project owner), Bob (functionary) and Carl
-(functionary) and how in-toto helps to specify a project layout and verify that
-the layout has been followed in a correct manner.
-
-## Specification
-
-You can read more about how in-toto works by taking a look at the
-[specification](https://github.com/in-toto/docs/blob/master/in-toto-spec.md).
-
-## Security Issues and Bugs
-
-See [SECURITY.md](https://github.com/in-toto/in-toto/blob/develop/SECURITY.md).
-
-## Governance and Contributing
-
-For information about in-toto's governance and contributing guidelines, see
-[GOVERNANCE.md](https://github.com/in-toto/in-toto/blob/develop/GOVERNANCE.md)
-and
-[CONTRIBUTING.md](https://github.com/in-toto/in-toto/blob/develop/doc/source/CONTRIBUTING.md).
-
-## Acknowledgments
-
-This project is managed by Prof. Santiago Torres-Arias at Purdue University. It
-is worked on by many folks in academia and industry, including members of the
-[Secure Systems Lab](https://ssl.engineering.nyu.edu/) at NYU and the
-[NJIT Cybersecurity Research Center](https://centers.njit.edu/cybersecurity).
+## What next?
 
-This research was supported by the Defense Advanced Research Projects Agency
-(DARPA), the Air Force Research Laboratory (AFRL), and the US National Science
-Foundation (NSF). Any opinions, findings, and conclusions or recommendations
-expressed in this material are those of the authors and do not necessarily
-reflect the views of DARPA, AFRL, and NSF. The United States Government is
-authorized to reproduce and distribute reprints notwithstanding any copyright
-notice herein.
+- Try the [demo](../demo).
+- Consult the [specifications](../specs).